With the rise in both mobile malware and apps designed to collect personally identifiable information, McAfee, part of Intel Security, warns mobile users to think twice before downloading apps.
Recent McAfee research shows that an alarming amount of mobile users are allowing apps to mine their personal data in exchange for use of the app. Over half (51 per cent) of users allow access to their photos, 43 per cent to personal contact information and a further 38 per cent allow access to their phone’s contact list – sharing contact details for friends, family and colleagues. McAfee also found that 82 per cent of apps track you, and 80 per cent of apps collect location information.
Globally, 2.4 million new mobile malware samples were added in 2013, up 190 per cent from 2012. Across the Asia Pacific Region, mobile users in India, Russia, and Japan encountered the most malicious code.
One of the most common behaviours – shown by more than one-third of the malware – is to collect and send device data that can be used to build a profile of the mobile device owner’s behaviour. There’s also a high prevalence of acts commonly associated with device hijacking, such as making the mobile device into a bot and installing other, even more malicious malware.
“In recent years, mobile and tablet devices have become the number one way in which we connect to the Internet, use social media sites, conduct online banking and make financial transactions on the go. McAfee has found that privacy-invading apps dominate the landscape, some containing malware, and many leveraging ad libraries to target unsuspecting app users,” says Sean Duca, Chief Technology Officer, McAfee Asia Pacific, part of Intel Security.
“While most apps are completely safe to use, some apps have a covert mission – to collect and share information on users. It is because of this, we are worried about the level of personal information that users are naturally willing to share with apps without concern,” says Duca.
“Just one malware infection could have a devastating effect on a user’s phone, blocking access to contact details, phone usability or it could be programmed to skim personal information without their knowledge. It could also impact other devices on a home or community network,” says Duca.
App Scams To Watch Out For:
- Mobile Shopping Apps – Official looking shopping apps, including those that feature celebrity or company endorsements, could be malicious, designed to steal or send out your personal data. Criminals can redirect incoming calls and messages, offering them the chance to bypass two-step authentication systems where the second step involves sending a code to a mobile device.
- Mobile SMS Scams – FakeInstaller tricks Android users into thinking it is a legitimate installer for an application and then quickly takes advantage of the unrestricted access to smartphones, sending SMS messages to premium rate numbers without the user’s consent.
- Gift Scams – In-app advertisements that offer deals on must-have items, such as the PS4 or Xbox One, might be too good to be true. Clever criminals will post dangerous links and phony contests to entice users to reveal personal information or download malware onto their devices.
Privacy Tips from McAfee:
- Don’t just give away your privacy. Look at the permissions apps ask for and don’t download apps that ask for personally identifiable information (PII) or extra permissions beyond the ones the app itself needs.
- Beware of apps that scour your device for interesting information they should never share – such as ‘users you may know’, locations and friend’s contact details to ‘share updates’.
- Instal a mobile security software